Bouncing fraudulent transactions through multiple “mule” accounts before ultimately transferring those funds out of the country is nothing new. Crooks want to stay as far away from the trail of dirty money as possible, making money mules the perfect way to cover their tracks.
Reported instances of money mule use in fraud cases have never been higher at Q2. The scenario works like this: An account holder falls victim to some flavor of online scam, be it romance, elderly, work from home; take your pick. The victim is coerced into receiving funds into their account with specific instructions to transfer them back out of the account essentially immediately. These situations occur much more often than you may think and are particularly difficult to defend against, as the institution’s actual account holder is initiating the transactions.
This is where transaction monitoring using behavioral analytics comes in. The moment “Authorize” is clicked on the outgoing transfer, Q2’s proprietary Risk and Fraud Analytics (RFA) engine immediately scrutinizes that transaction. In the case of the money mule fraud scheme, the recipient account is a new recipient to that account holder. As this particular end user has never transferred funds to the recipient before, this transaction—which appears suspicious based on the user’s history—will be stopped by RFA.
Just this week, we saw this exact scenario play out in a case reported to the Q2 Fraud team. RFA blocked an outgoing transfer and, upon callback, the customer service representative discovered the account holder was working under instructions related to an exciting new online work-from-home opportunity. Recognizing this as a scam, the institution canceled the outgoing transaction to prevent a loss.
If there is a moral to this anecdote, it’s that security awareness is not perfect. Humans will inevitably fall victim to the constant online hustle of the cyber crook. Combining machine learning with education and awareness training is key to a well-rounded defense. Leveraging a layered security model with the technology of algorithmic intelligence at its backbone provides the security depth needed when the human element is exploited.
As we move past Cyber Security Awareness month, it’s essential to maintain the mindset that security is not a “set it and forget it” practice. The threat landscape is constantly evolving, and we as security practitioners must continually work to keep pace. Looking forward, expect to see continually innovative security solutions being developed as we at Q2 work to provide our institutions with the tools you need to keep the upper hand.
*RFA is now known as Q2 Sentinel.